PDA

View Full Version : Exercise puts cadets on the cyber-defensive



thedrifter
05-04-07, 10:36 AM
Exercise puts cadets on the cyber-defensive
By Kelly Kennedy - Staff writer
Posted : Friday May 4, 2007 11:11:35 EDT

WEST POINT, N.Y. — Last year, huddled in a camouflaged classroom, senior cadets at the U.S. Military Academy here carefully checked each computer for bugs.

They secured possible entries to make sure hackers couldn’t bust into their online network.

They tested and retested to make sure all the parts and pieces worked well together.

And then they forgot to change the default password on one of the routers.

“It only took two minutes before their exchange server was owned,” said Army Capt. Joseph Salazar, who was sent from the National Security Agency to monitor West Point’s team for the annual Cyber Defense Exercise.

As a result, the Air Force Academy kicked West Point’s virtual tail.

This year, the Black Knights swore, they’d strike back.

Seven years ago, cadets at West Point began working with the NSA to create an exercise that would simulate conditions if the military were required to set up an Internet system in a foreign country — just as cyber-soldiers have done in Iraq. The NSA acts as the opposing force, known as the “red cell,” and spends a week trying to take down virtual networks set up by each of the military academies for the event.

Each academy team starts with 50,000 points, then loses points any time its system is down, any unencrypted e-mails are sent out or any missteps are made in following directions about setting up the network. They can also earn points by completing tasks the NSA sends out during the week. The academy with the most points at the end of a week of attacks wins.

The cadets don’t do any hacking themselves — it’s all defense. And they don’t attack or work with the other academies. Instead, NSA gives them a scenario — this year, it was to dig into a war-torn developing nation called Meridia.

To set up the network — which must include e-mail accounts, chat rooms and a database — they must use some of their own equipment, as well as some sketchy Meridian equipment.

“They try to make it relevant — something we’ll see in our Army career if we choose this path,” said Robert Singley, a cadet serving as deputy commander for West Point’s team. “As much as this is a competition, it’s a learning experience.”

This year, things seemed quieter as cadets hovered around computers looking for warning signs of problems. “It’s a marked difference from last year,” Salazar said. “The tone and tempo is a lot calmer.”

But that calm forced an electric hyperawareness.

“This hurts my head,” said Phil Supple, cradling his temples as he gazed at a computer screen.

“What’s that?” asked Tyler Hallmark, who hadn’t left the room since noon the day before. “Oh wait. It’s not an attack — it’s just a recon.”

In the early stages of the exercise, the NSA sent out hit after hit to find out what system each computer used, whether the cadets had found the glitches hidden in the Meridian gear and whether there were any holes big enough to welcome worms, viruses or bugs.

Salazar chuckled in a corner as he looked out over the scene.

“It’s early, so [the NSA] is looking for holes to exploit,” he said. “Whenever they find vulnerability, they get to ring a bell.”

Last year, more than bells rang when the Air Force Academy’s Web site suddenly announced, “We love Red Cell!”

And then the West Point cadets became traitors to their team when “Go Navy, Beat Army,” appeared on their site. The Red Cell happens to include a crew of Navy guys.

“The red cell is very, very good,” Salazar said. “There will be vulnerabilities — it’s near impossible to get them all.”

In a sign of how seriously this exercise is taken these days, 25 West Point cadets missed classes for the week to spend every second defending their network.

“I really take pride in this,” Singley said. “I really want to win. I really love doing this.”

They sat blurry-eyed and stiff-necked — and it was only Monday. But for the previous two weeks, the cadets were busy Googling for systems information, cracking textbooks they hadn’t seen since they were plebes, and writing days and days of code.

Jeffrey Cox spent the night prior to the games trying to fix a computer that had suddenly stopped working at 9:30 p.m.

“I created three virtual systems to try to rebuild it,” Cox said. “I finally had it up 10 minutes before the game began — and then the first computer started working again.”

This is fun?

“This is a blast,” Cox said. “We pretty much spend all our time learning something new.”

Back in Meridia, a cluster of cadets watched as a screen showing the Air Force Academy’s system went red.

“If it’s a lot of red, they’re in a hurt box,” Cox said. “We’re all green right now. Navy was down for a few minutes. All the way down. Air Force just came back up.”

For two hours, the cadets watched. Nothing. Nothing. More nothing.

“We’ve been kind of on edge,” Cox said. “I think we’d like a little excitement just to know what’s going on. We would like a few hits.”

And then: “Hey! Somebody in forensics come look at this!”

But it was just another unnerving false alarm.

Salazar said the games provide the students with training and the NSA with potential future employees. Several students will perform internships on the red team.

“The game prepares them for what they’ll be doing in the real world,” Salazar said.

In the end, West Point retained their cool — and even got a little cocky. They taunted the Red Team with a false document describing a Web server as Linux, then watched as the Red Team tried to attack a Linux system.

“Much to their surprise, it was actually a Windows server,” said Maj. Damon Becknel, a West Point computer science professor. “We went the entire exercise this year without a compromise from the Red Team.”

Each of the other academies had break-ins, including yet another announcement on the Air Force Academy Web site: “Red Team owns U.”

West Point won the event with 53,615 points, while the Coast Guard Academy came in second with 52,105. Air Force placed third with 50,350 points; Navy was fourth with 49,750 points, and the Marines placed fifth with 49,315 points.

The Air Force Institute, which participates in the exercise but does not officially compete, had 52,549 points.

“It’s different every year,” Salazar said. “This year, West Point’s using their chain of command and staying calm. I’ll probably come back next year and things will be different again.”

Ellie